nixos-unstable's
iso_minimal job for x86_64-linux.Build via:
git clone https://github.com/nixos/nixpkgs.git cd nixpkgs git checkout 823120765ccdd9f210e365f75afa732bffaf0aba nix-build ./nixos/release-combined.nix -A nixos.iso_minimal.x86_64-linux
0 unchecked
/nix/store/dvpwq4603wvyaq1k00rh1a8jxb5dp8db-python3.7-setuptools-41.0.1.drv/nix/store/agyj7pw44nbwdsk68gf9w3zf8rjd0b4f-opensc-0.19.0.drv/nix/store/2nnpbzmnm87whnnwb9m44clixh0vka9d-autogen-5.18.12.drv/nix/store/7djl0a02xj7k92n6mmjhwq2gv1cd1cxn-automake-1.15.drv/nix/store/m4ljnaa8haaqif7g39rn1pxx4zh5ay0l-ms-sys-2.6.0.drv/nix/store/7v9iaqp19p0nicq92jzvc2ysc9cgpcx4-guile-2.0.13.drv/nix/store/mficl61ii7lcc7dvpd3avdhq60yl3cjy-python2.7-pytest-4.6.3.drv/nix/store/w6z5vjk6vlakkfnlmiqwnl80jsv4l7v4-efivar-37.drv/nix/store/8rs9pbc47458l8vxv03hqhpkphwniyf4-automake-1.15.drv/nix/store/x0774a97cbxblrdi2n81nnxk73jr2vk4-man-db-2.7.5.drv/nix/store/1w1fypl702hq070mfzpngzax0bzj5v9a-syslinux-2015-11-09.drv/nix/store/0kflg21qf3d245p3kj360vxgw4r9l0hc-python2.7-setuptools-41.0.1.drv/nix/store/4zlkpv9gw90bl0jzfys5bxzy5z2ly2zl-nixos-minimal-19.09pre56789.gfedcba-x86_64-linux.iso.drv/nix/store/3kmgjjj346m3mf8yqkj2k98k4lrr7zl9-automake-1.15.drv/nix/store/pd4vms4npn4ni2ccczc3pb4x9sqc64cw-gcc-7.4.0.drvEach build is run twice, at different times, on different hardware running different kernels.
Fairly. We don't currently inject randomness at the filesystem layer, but many of the reproducibility issues are being exercised already. It isn't possible to guarantee a package is reproducible, just like it isn't possible to prove software is bug-free. It is possible there is nondeterminism in a package source, waiting for the some specific circumstance.
This is why we run these tests: to track how we are doing over time, to submit bug fixes for nondeterminism when we find them.
There are further steps we could take. For example, the next likely step is using disorderfs which injects additional nondeterminism by reordering directory entries.
Nix has built-in support for checking a path is reproducible. There are two routes.
Pretending you are debugging a nondeterminism bug in
hello. To check it, you build the package, and then
build it again with --check --keep-failed. This will
provide the differing output in a separate directory whic you can
use diffoscope on.
$ nix-build . -A hello $ nix-build . -A hello --check --keep-failed [...snip...] error: derivation '/nix/store/...hello.drv' may not be deterministic: output '/nix/store/...-hello' differs from '/nix/store/...hello.check' $ diffoscope /nix/store/...hello /nix/store/...hello.check
Note: the .check output is not a valid store path, and
will automatically be deleted on the next run of the Nix garbage
collector.
There is support for an automatic diff-hook in
Nix 2, but it is much more complicated to set up. If you would like to
work on this, or need help setting it up, contact gchristensen on
Freenode. We can work together to write docs on how to use it.